(GENERAL-23-35) FBI/CISA RELEASE JOINT ADVISORY on Active Exploitation of a PaperCut Vulnerability Against Educational Facilities

Author
Federal Student Aid
Electronic Announcement ID
GENERAL-23-35
Subject
FBI/CISA RELEASE JOINT ADVISORY on Active Exploitation of a PaperCut Vulnerability Against Educational Facilities

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. PaperCut MF and NG are broadly used by Institutions of Higher Education and K-12 schools. This vulnerability enables an unauthenticated actor to execute malicious code remotely without credentials.

PaperCut released a patch in March 2023 to correct this issue. FBI and CISA strongly encourage users and administrators to immediately apply patches, or workarounds if unable to patch. CISA’s related CSA Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG provides detection methods for exploitation and details known indicators of compromise (IOCs) and mitigations.

As always, CISA and FSA recommend IHEs follow best cybersecurity practices, including mandating phishing-resistant multifactor authentication (MFA) for all staff and for all services. For additional best practices, see CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs). The CPGs, developed by CISA and the National Institute of Standards and Technology (NIST), are a prioritized subset of IT and OT security practices that can reduce the likelihood and impact of known cyber risks. Because the CPGs are a subset of best practices, all organizations should implement a comprehensive information security program based on a recognized framework, such as the NIST Cybersecurity Framework (CSF).

To get CISA Alerts directly, subscribe to updates from CISA.

Contact Information

Report a breach with the Cybersecurity Intake Form. If you have any questions about the information included in this announcement, or to sign up for our Quarterly newsletter, please contact FSASchoolCyberSafety@ed.gov.